xss-sanitize 0.3.5.4 → 0.3.5.5
raw patch · 2 files changed
+4/−4 lines, 2 filesdep ~utf8-stringPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: utf8-string
API changes (from Hackage documentation)
Files
- README.md +1/−1
- xss-sanitize.cabal +3/−3
README.md view
@@ -55,7 +55,7 @@ Ultimately this is where your security comes from. I would expect that a faulty white list would act as a strong deterrent, but this library strives for correctness. -The [source code of html5lib](http://code.google.com/p/html5lib/source/browse/python/html5lib/sanitizer.py) is the source of the white list and my implementation reference. If you feel a tag is missing from the white list, check to see if it has been added there.+The [source code of html5lib](https://github.com/html5lib/html5lib-python/blob/master/html5lib/sanitizer.py) is the source of the white list and my implementation reference. If you feel a tag is missing from the white list, check to see if it has been added there. If anyone knows of better sources or thinks a particular tag/attribute/value may be vulnerable, please let me know. [HTML Purifier](http://htmlpurifier.org/live/smoketests/printDefinition.php) does have a more permissive and configurable (yet safe) white list if you are looking to add anything.
xss-sanitize.cabal view
@@ -1,5 +1,5 @@ name: xss-sanitize-version: 0.3.5.4+version: 0.3.5.5 license: BSD3 license-file: LICENSE author: Greg Weber <greg@gregweber.info>@@ -21,7 +21,7 @@ library build-depends: base == 4.*, containers , tagsoup >= 0.12.2 && < 1- , utf8-string >= 0.3 && < 1+ , utf8-string >= 0.3 && < 1.1 , css-text >= 0.1.1 && < 0.2 , text >= 0.11 && < 2 , attoparsec >= 0.10.0.3 && < 1@@ -41,7 +41,7 @@ cpp-options: -DTEST build-depends: base == 4.* , containers , tagsoup >= 0.12.2 && < 1- , utf8-string >= 0.3 && < 1+ , utf8-string >= 0.3 && < 1.1 , css-text >= 0.1.1 && < 0.2 , text >= 0.11 && < 2 , attoparsec >= 0.10.0.3 && < 1